It was discovered that no protection against multiple reflective XSS attacks was implemented, resulting in an attacker being able to retrive user data from end user, such as session cookies.The Appointment Booking Calendar 1.1.7 WordPress plugin is vulnerable to 3 reflective XSS vulnerabilities. Three XSS vectors were identified in cpabc_appointments_admin_int_bookings_list.inc.php